The primary issue is that the logged in user is unable to see launch progress and unable to delete their own server. As such scopes seem to be off.
The jupyterhub is launched using a helm chart (version: 2.0.1-0.dev.git.6012.h458d566chelm call). Here is the templated helm config. The hub itself is running on AWS with an elastic load balancer, and i point to it through a CNAME mapping from my DNS provider. We deploy our own k8s cluster (not through EKS).
The user is dynamically authenticated through Github and authorized through a json file. I have also done org-based authorization without overriding the authenticator, and the same issue holds. I am also seeing the CORS issue that has been discussed on this forum, but i am unsure how to fix that in our setup. We are not running an nginx, just a classic load balancer deployed by the helm chart.
thanks @manics. isn’t the load-balancer configuration + https offloading happening with helm chart ? by switching the https to use letsencrypt, instead of the aws certificate, the problem resolves. hence, perhaps something in the helm chart for jupyterhub, in relation to aws that needs to be adjusted.